Verifying multiple detached cleartext sig's

Werner Koch
Fri, 3 Sep 1999 21:23:25 +0200

"Todd L. Brooks" <> writes:

> Let's say you have a file which needs to be signed by multiple people. One
> thing to do is have each person create an individual detached cleartext
> signature, and then put all of them into one signature file.
> * In pgp6.5.1 if you verify such a file it will automatically verify all
> of these signatures.
I have not analyzed this yet. The reason may be that PGP5 does not use the one-pass signature packets but gpg creates a faked one in front of the cleartext and then later may not be aware, that you have more than one signature. Not to be fixed in 1.0.0 but I give it a bug number. -- Werner Koch at keyid 621CC013